Sunil Mohan Adapa 158366feea
bind: Drop enabling DNSSEC (deprecated) as it is always enabled
- As of bind 9.16, the option to enable DNSSEC 'dnssec-enable' is obsolete and
has no effect[1]. The option 'dnssec-validation' controls DNSSEC validation and
is set to 'auto' by default. 'auto' means that DNSSEC validation is enabled and
default trust anchor is used for DNS root zone. DNSSEC signatures are also
passed onto a client whenever available. Current stable, Debian Buster, has
version 9.16[3].

- As of bind 9.18, the option to enable DNSSEC 'dnssec-enable' is not recognized
and causes the daemon to fail to start[2]. Debian next, Debian Bookworm, has
version 9.18[3]. Therefore, in testing and unstable, bind fails to start on
installation from FreedomBox.

- There is no use-case for changing the current default behavior.

Links:

1)
https://bind9.readthedocs.io/en/v9_16_32/reference.html#dnssec-validation-option

2) https://bind9.readthedocs.io/en/v9_18_6/reference.html

3) https://tracker.debian.org/pkg/bind9

Tests:

- Run functional and unit tests.

- Option to enable/disable DNSSEC is removed.

- When bind is installed on testing without the patch, it fails to start. When
the patch is applied, bind will be upgraded, the dnssec-enable option is removed
from the configuration file /etc/bind/named.conf.options and bind is running.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2022-10-08 18:54:08 -04:00


# SPDX-License-Identifier: AGPL-3.0-or-later
"""
Test actions for configuring bind
"""
from pathlib import Path
import pytest
from plinth.modules import bind
@pytest.fixture(name='configuration_file')
def fixture_configuration_file(tmp_path):
    """Redirect bind's configuration path to a scratch file for one test.

    A ``named.conf.options`` file seeded with
    ``bind.privileged.DEFAULT_CONFIG`` is created under ``tmp_path`` and
    ``bind.privileged.CONFIG_FILE`` is pointed at it, so the code under test
    reads and writes the scratch copy rather than the path the module
    normally uses. The previous value is put back once the test is done.
    """
    # Remember the module-level path first so teardown can restore it.
    saved_path = bind.privileged.CONFIG_FILE

    scratch_conf = tmp_path / 'named.conf.options'
    scratch_conf.write_text(bind.privileged.DEFAULT_CONFIG)
    bind.privileged.CONFIG_FILE = str(scratch_conf)

    yield

    bind.privileged.CONFIG_FILE = saved_path
@pytest.fixture
def bind_zones_folder(tmp_path):
    """Populate a temporary zones directory with two sample zone files.

    ``bind.privileged.ZONES_DIR`` is pointed at ``tmp_path`` and two files,
    ``local.zone`` and ``custom.zone``, are rendered into it from one
    template. Each file carries a single A and a single AAAA record. After
    the test both files are deleted and the original ``ZONES_DIR`` value is
    restored.
    """
    zone_template = """
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA {name} root.localhost. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS {name}
@ IN A {a_record}
@ IN AAAA {aaaa_record}
""" # noqa

    saved_zones_dir = bind.privileged.ZONES_DIR
    bind.privileged.ZONES_DIR = tmp_path
    zones_root = Path(bind.privileged.ZONES_DIR)
    zones_root.mkdir(exist_ok=True, parents=True)

    # Sample records only: loopback, private-range and link-local addresses.
    sample_zones = (
        ("local.zone", {
            'name': 'localhost.',
            'a_record': "127.0.0.1",
            'aaaa_record': "::1",
        }),
        ("custom.zone", {
            'name': 'custom.domain.',
            'a_record': "10.10.10.1",
            'aaaa_record': "fe80::c6e9:84ff:fe16:95da",
        }),
    )

    written = []
    for file_name, fields in sample_zones:
        zone_path = zones_root / file_name
        zone_path.write_text(zone_template.format(**fields))
        written.append(zone_path)

    yield

    # Remove the files in the order they were created, then undo the patch.
    for zone_path in written:
        zone_path.unlink()
    bind.privileged.ZONES_DIR = saved_zones_dir
@pytest.mark.usefixtures('configuration_file')
def test_set_forwarders():
    """Check that forwarders written to the configuration are read back.

    Two cases run in sequence against the same scratch configuration: a
    two-address list, then the empty string, which must replace the earlier
    value and be reported as ''.
    """
    for forwarders in ('8.8.8.8 8.8.4.4', ''):
        bind.privileged._set_forwarders(forwarders)
        assert bind.privileged.get_config()['forwarders'] == forwarders
@pytest.mark.usefixtures('bind_zones_folder')
def test_get_correct_served_domains():
    """Check that get_served_domains reports the A/AAAA records per zone.

    The expected values are the addresses the ``bind_zones_folder`` fixture
    writes into its two zone files, listed A record first, then AAAA.
    """
    expected = {
        'localhost.': ["127.0.0.1", "::1"],
        'custom.domain.': ["10.10.10.1", "fe80::c6e9:84ff:fe16:95da"],
    }

    served_domains = bind.privileged.get_served_domains()

    # Only the two known zones are checked; extra keys are not rejected.
    for domain, addresses in expected.items():
        assert served_domains[domain] == addresses